Evidence Must Be Serializable
The Evidence object acts as a collection for any sort of object that you want to add as evidence for an assembly or AppDomain. (It can get confusing because there is both an Evidence class and objects used as evidence. I'll capitalize the first one to disambiguate between them). Both the AddHost and AddAssembly methods take object parameters, which can lead to the conclusion that any object can be used as evidence.
However, the CLR does have the requirement that the objects you use for evidence must be serializable, as we will attempt to serialize the entire Evidence collection at various points (such as when you attempt to access the Evidence property of the AppDomain). If unserializable evidence is added to the collection, we won't complain up front, however SerializationExceptions may start to occur down the line when one of the operations that cause the Evidence collection to serialize is done.
(Incidentally, another property of evidence objects is that they must be non-null. Adding a null object to the Evidence collection can cause potential NullReferenceExceptions down the line.)
Comments
Anonymous
December 20, 2006
How come the appropriate methods do not check for ISerializable and/or null? An ISerializable check might be a bit cumbersome without changing the methods to take a reference to an ISerializable directly (which would break backcompat) but a simple if( null == obj ) check? Why would something like that be left out?Anonymous
January 02, 2007
Hi Wilhelm, That's certainly something we will consider for upcoming versions of the CLR, however we still have to take compat into account. For instance, making that change breaks anyone who creates an Evidence collection with a non-serializable object and then doesn't do anything with it. It's a bit of a contrived scenario, but still one we need to consider before making the change. -ShawnAnonymous
January 14, 2007
The comment has been removedAnonymous
February 20, 2007
We all know that the CLR provides many types of evidence to assemblies and AppDomains by default, but